Solved Disable geli auto-attach at boot

Mike

New Member


Messages: 3

#1
I encrypted a partition with geli using the directions in the FreeBSD handbook. Currently, I am asked for a password at boot, and I can use the encrypted partition, which is not mounted as root.

Is it possible for me to disable this automatic geli attach so that I can do it manually after boot?

The issue is that I'd like to be able to restart the system remotely, e.g., via ssh, but now I need to type in the password at the physical terminal after it restarts.

I tried removing the "geli_devices" and "geli_*_flags" lines from /etc/rc.conf, but that prevented the system from booting when it couldn't find the partition. Any help with this would be appreciated.
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,774
Messages: 28,526

#2
I tried removing the "geli_devices" and "geli_*_flags" lines from /etc/rc.conf, but that prevented the system from booting when it couldn't find the partition.
Don't forget to remove the filesystem from /etc/fstab. The system tries to mount it because it's in /etc/fstab and fails. Failures in fstab will prevent the system from booting.
 
OP
OP
M

Mike

New Member


Messages: 3

#3
Thanks! As you obviously know, you're right. However, I had the option set to include "noauto" in /etc/fstab. Can you tell me why that didn't work?

Also, is there something more clever I can do to easily attach and mount it once the system is booted other than throw together a shell script? I was hoping I could just put it in fstab with the noauto and be able to just use mount without needing to remember simple things like the name of the partition and geli attach.

Thanks again!
 

SirDice

Administrator
Staff member
Administrator
Moderator

Thanks: 6,774
Messages: 28,526

#4
However, I had the option set to include "noauto" in /etc/fstab. Can you tell me why that didn't work?
That's a good question. Maybe the option wasn't set correctly? The noauto should prevent it from being mounted during boot. It doesn't really matter if the referenced filesystem or device exists or not. That's an error you get when you actually try to mount(8) it.

without needing to remember simple things like the name of the partition and geli attach.
You will have to do geli attach yourself, the system isn't going to do this "automagically". Would be a nice feature but requires more information than what's currently stored in fstab (the key for example).
 
OP
OP
M

Mike

New Member


Messages: 3

#5
You will have to do geli attach yourself, the system isn't going to do this "automagically". Would be a nice feature but requires more information than what's currently stored in fstab (the key for example).
I guess that makes sense. I was hoping that having the key information in /etc/rc.conf would work, but I suppose it makes sense that mount is otherwise ignorant of the underlying geli functionality. Heinous shell script it is!

Again, I appreciate your help!
 
Top